• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.3
• /
• pp.1212-1228
• /
• 2016

Secure communication is an important aspect of today's interconnected environments and it can be achieved by the use of cryptographic algorithms and protocols. However, many existing cryptographic mechanisms are tightly integrated into communication protocols. Issues emerge when security vulnerabilities are discovered in cryptographic mechanisms because their replacement would eventually require replacing deployed protocols. The concept of cryptographic agility is the solution to these issues because it allows dynamic switching of cryptographic algorithms and keys prior to and during the communication. Most of today's secure protocols implement cryptographic agility (IPsec, SSL/TLS, SSH), but cryptographic agility mechanisms cannot be used in a standalone manner. In order to deal with the aforementioned limitations, we propose a lightweight cryptographically agile agreement model, which is formally verified. We also present a solution in the Agile Cryptographic Agreement Protocol (ACAP) that can be adapted on various network layers, architectures and devices. The proposed solution is able to provide existing and new communication protocols with secure communication prerequisites in a straightforward way without adding substantial communication overhead. Furthermore, it can be used between previously unknown parties in an opportunistic environment. The proposed model is formally verified, followed by a comprehensive discussion about security considerations. A prototype implementation of the proposed model is demonstrated and evaluated.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.153-168
• /
• 2016

This paper introduces a structure, features and programming techniques for the CNG(Cryptography API: Next Generation), which is the substitution of the CAPI(Cryptography API) from Microsoft. The CNG allows to optimize a scope of functions and features because it is comprised of independent modules based on plug-in structure. Therefore, the CNG is competitive on development costs and agility to extend. In addition, the CNG supports various functions for the newest cryptographic algorithm, audit, kernel-mode programming with agility and possible to contribute for core cryptography services in a new environment. Therefore, based on these advantageous functions, we analyze the structure of CNG to extend it for the enterprise and the public office. In addition, we implement an error-detection tool for program which utilizes CNG library.